FCWPerspectives
46
June/July 2021 FCW.COM
Government leaders have realized that
“accessible online services were absolutely critical.”
realized there was no way to easily identify the callers. Unable to map names to phone numbers, “we just decided to kill the call.”
The lesson is that “these types of communication platforms are going to be leveraged, and there are some new challenges relative to boundaries and security controls that we now need to examine further,” the participant said.
“I think the key for everyone is really thinking about the user story,” another official said. “Who are the users who have to be able to access these vital systems to do their jobs? How difficult are you going to make it for them? If you make it too difficult, guess what? They’re going to find other ways that are not secure to do the same thing. You’re forcing them to do it in an inse- cure way because you’re making it so hard that it just doesn’t work.”
Making sense of the
security challenges
Another official said: “We really need to think about the security and the things we were doing around that to
make sure that we can keep doing that in a secure, safe way, but at the same time maximize some of the traction that we’ve made in this last year.”
Zero trust security will be an increasingly important part of those efforts, the group agreed. There is a buzzword factor at work, one said, “but the reality is that we should be able to work in an environment where people can get to the tools they need how- ever they can but in a secure way. And we’ve seen a lot of this shift. Whether it’s development or whether it’s deploy- ment, all these things are now moving out into the cloud and to the edge. And I think that COVID kind of forced that.”
“You’ve got to think in terms of securing our edges, and that has cre- ated a huge paradigm shift,” another official said. “We were thinking about that already, but now it just became a norm.”
A third participant pointed to “a bit of a dichotomy”: Government leaders have realized that “accessible online services were absolutely critical,” but maximum telework also “opened
everyone’s eyes to what we actually mean when we talk about things being secure — not just being planned or being documented, but actually truly understanding about people, about identity, about devices because now we’re forced to work in this distrib- uted world.”
Getting traction on such topics was difficult before the pandemic, that offi- cial added, “because sometimes we’re speaking to people who don’t feel the pain. But now people’s eyes have been opened.”
The complexity of securing so many different services also poses challeng- es, other participants said. “It is really important to understand the roles and responsibilities of the service provider and the customer,” one said. “There are lots of service-level agreements out there.”
Several officials, however, argued that the biggest friction point involves authorization and accreditation. “You’ve got folks who are really for- ward-leaning on the development side, building and then deploying into the